Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1498.
Category Archives: Security
CVE-2013-0406 (sunos)
Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Kernel/IPsec.
CVE-2013-1511 (mysql, solaris)
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
CVE-2013-0408 (sunos)
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to CPU performance counters drivers.
CVE-2013-0403 (sunos)
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Utility.
Oracle Java SE Critical Patch Update Advisory – April 2013
Oracle Critical Patch Update Advisory – April 2013
[BSA-080] Security Update for postgresql-9.1
Package : postgresql-9.1
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1899 CVE-2013-1900 CVE-2013-1901
Debian Bug : 704479
Several vulnerabilities were discovered in the PostgreSQL database server.
CVE-2013-1899
Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center
discovered that it was possible for a connection request containing a
database name that begins with "-" to be crafted that can damage or destroy
files within a server's data directory. Anyone with access to the port the
PostgreSQL server listens on can initiate this request.
CVE-2013-1900
Random numbers generated by contrib/pgcrypto functions may be easy for
another database user to guess.
CVE-2013-1901
An unprivileged user could run commands that could interfere with
in-progress backups.
For backports for the stable distribution (squeeze-backports), these
problems have been fixed in version 9.1.9-1~bpo60+1.
For the stable dist
CVE-2012-1038 (networks_mobility_system_software)
Cross-site scripting (XSS) vulnerability in the WebAAA login functionality (wba_login.html) in Juniper Networks Mobility System Software (MSS) 7.6.x before 7.6.3, 7.7.x before 7.7.1, 7.5.x before 7.5.3, and other unspecified versions before 7.4 and 7.3 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter name.
Removal of postgresql-9.0 from backports
The postgresql-9.0 package on backports.debian.org is no longer maintained, and was finally removed from the archive now. postgresql-9.0 will not be part of the next Debian release, and hence was removed from Debian/testing and unstable. Backports is now following this move.

There are two options for users of postgresql-9.0:

* Upgrade to postgresql-9.1 which will be shipped with wheezy. This package is part of backports.debian.org.
* Switch to the PostgreSQL APT archive at apt.postgresql.org, as detailed in https://wiki.postgresql.org/wiki/Apt. This archive provides compatible 9.0 packages. (And 9.1 and 9.2.)

postgresql-9.0 is affected by the upcoming security update: http://www.postgresql.org/about/news/1454/

Please move away from the backports.debian.org version of postgresql-9.0 as soon as possible.

Christoph